Security Alert

Cybersecurity Tip: Data Scraping

You may have seen the terms “data scraping” or “web scraping” in news stories lately, and asked yourself, “What is data scraping?” Look no further, the pros in OIT have got the answer.

What information can be scraped?

Websites can include a lot of important data – much of which is information that users provide. Think for a moment, what information have you made publicly available on the web? Perhaps within your Facebook or LinkedIn profile details you’ve shared your name, degrees, relationships, location and work history. How many of your account security questions can be answered by this information? For example: what was your first job, or what is your maternal grandfather’s name?

How does it work?

Malicious actors use web scraping tools to extract data from websites. Data scraping creates feeds of information for easy parsing and analysis. Content can be scraped from multiple websites (a phone number here/an email address there) to combine the information and establish an entire user profile.

Note – data scraping is not always used for malicious activities. Marketing companies, content creators and designers often use data scraping tools to research their customer base, find leads or personalize advertisements. Although not malicious, consider asking yourself – do I want companies to know this much information about me?

Limit sharing.

Here is a key tip to limiting what personal information about you can be scraped off of the web: limit what you put out there! If less of your personal information exists online, less information can be scraped and used – by marketing companies or by malicious actors.

Recently, scraped data from 500 million LinkedIn users was posted online. To be clear – LinkedIn did not experience a data breach, rather actors scraped publicly available content from the site, compiled it together then posted it online. The data included account usernames, full names, email addresses, phone numbers, workplace information, genders and links to other social media accounts.

Review your online profiles, and consider what you want malicious actors and marketers to know about you. Remember – information posted online can be made available to audiences beyond your “friends,” so be cautious what you share.

OIT Tax Tips

This year’s tax deadline has been extended, which means phishers and scammers have even more time than normal to trick individuals with tax scams. OIT has tips for UA students, faculty and staff to keep sensitive tax information safe this spring.

Beware of phone and email scams.

Do not be fooled by phone calls or emails that threaten to be the IRS demanding immediate payment. If you owe money to the IRS, you will receive a bill by mail, not a phone call or email.

Additionally, malicious actors may pose as the IRS and send messages with content such as “Where’s My Refund” or “Tax Refund Payment” attempting to lure in victims. These messages often include web links where they will ask the message recipient to submit sensitive information including a Social Security number, date of birth and prior year annual gross income. Be mindful of the red flags of phishing to easily spot phishing emails.

Store documents in a safe place.

You wouldn’t leave a paper copy of your W2 sitting on a public bench. The same rules apply to online storage! Tax documents should be stored on a secure hard drive or personal, encrypted cloud storage account.

Send documents in a secure manner.

Do not email sensitive documents as an attachment. To share files, OIT recommends storing them in a secure cloud storage account, and sharing access to that account with only individuals you trust. OIT also recommends that faculty and staff use a personal email account for tax purposes. The email account should be secured with a strong password and two-factor authentication. Gmail offers Google Two-Step as an easy way to better secure email accounts.

Select a secure accountant.

If you choose to use an accounting service or company to file your taxes for you, ensure they have a record of good cybersecurity practices. By employing a tax accountant, you are trusting them with your most sensitive data. It isn’t out of reason to ask what measures they take to ensure your data is safe.

Tax-related identity theft is the most common type of identity theft. To learn more tips about how to protect your tax information, visit the IRS website, Identity Theft Central.

Student Phishing Alert – March 3, 2021

Wednesday, March 3, many UA students received a phishing email that featured the subject title “P/A WORK APPLICATION”.

This email is a scam, not an actual work application. A screenshot of the phishing message is below.  If you received this message, please delete it. Take a moment to review the red flags of phishing to learn how to spot common phishing emails like these.

If you have any questions or concerns, contact OIT Security at 205-348-5555 or itsd@ua.edu.

student phishing email

LifeLock with Norton – Personal Machines Only

As a part of the benefits package offered to faculty and staff, The University of Alabama offers identity theft protection from LifeLock with Norton.

This service provides enrollees with identity protection and credit monitoring as well as Norton 360 antivirus software. Enrollees are permitted to use the Norton 360 antivirus software on personal machines only. University machines are protected with McAfee antivirus software which will not work effectively alongside Norton antivirus software.

If you have installed Norton 360 on a University machine please work with IT support in your area to remove the software. Additionally, Norton 360 customers may contact member services at 800-607-9174 for assistance removing the software. Dedicated Norton agents are available 8am-6pm CST for assistance.

Student Phishing Alert – Dec. 1

Tuesday, Dec. 1, more than 600 UA students received a phishing email that featured the subject title “FIXED TERM (PART-TIME JOB)”.

This email is a scam, attempting to trick students into providing information for a fake job opportunity. A screenshot of the phishing message is below. If you received this message, please delete it. Take a moment to review the red flags of phishing to learn how to spot common phishing emails like these.

If you have any questions or concerns, contact OIT Security at 205-348-5555 or itsd@ua.edu.

student phishing